Friday, 4 January 2019

Now that MS have removed the ability for users that were synced with AD to Office 365 to be 'cloud only' accounts (after a delete and restore user) this causes a few issues.
As the user accounts are still synced we must extend the AD schema to add additional Exchange properties that can be synced to Azure AD.
First find an install on the MS site for latest Exchange, you don't need a license as you're not actually going to install it.
Extract the package using 7-zip or similar into a folder.
Run the setup.exe with the following parameters on a domain controller with a user account that has admin privileges:Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
This will add the extended Schema, you may need to wait for all DC's to sync or user repadmin to force a sync.
A few quick powershell commands to set the parameters to hide old users from the address lists (after you have renamed them and set their emails to a none default domain, we use the test onmicrosoft.com one)Set-ADUser -identity zzzzz -Add @{msExchHideFromAddressLists=$true}
Use the short login name for identity.
Once AD is synced to Azure AD you should find that the users mailboxes (we convert to shared mailboxes) are now set to not show in address lists.

You may need to Refresh the Directory Schema in your Azure AD Connect after installing the Exchange Schema and run a full sync. (Still seems to be issues here with it not synchronising, still investigating and will update ASAP)

Saturday, 26 May 2018

Using the cli53 command from https://github.com/barnybug/cli53 caused a slight issue with AWS credentials. We were seeing:

Error: NoCredentialProviders: no valid providers in chain. Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrorsThis was due to no credentials file in ~/.aws/ even though the config file there had the credentials in it. Easy fix is to copy the config file to credentials.